DiskBoss 11.7.28 Unquoted Service Path
Authored by Mohammed Alshehri
DiskBoss version 11.7.28 suffers from an unquoted service path vulnerability.
Change Mirror Download
# Exploit Title: DiskBoss v11.7.28 - Multiple Services Unquoted Service Path# Date: 2020-8-20# Exploit Author:...
Canon Inkjet Extended Survey Program 5.1.0.8 Unquoted Service Path
Authored by Carlos Roa
Canon Inkjet Extended Survey Program version 5.1.0.8 suffers from an unquoted service path vulnerability.
Change Mirror Download
# Exploit Title: Canon Inkjet Extended Survey Program 5.1.0.8 - 'IJPLMSVC.EXE'...
SunSSH Solaris 10 x86 Remote Root
Authored by Hacker Fantastic
A trivial to reach stack-based buffer overflow is present in libpam on Solaris. The vulnerable code exists in pam_framework.c parse_user_name() which allocates a fixed size buffer...
Windows File Enumeration Intel Gathering Tool 2.2
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org
NtFileSins.py is a Windows file enumeration intel gathering tool.
Change Mirror Download
from subprocess import Popen, PIPEimport sys,argparse,re#MIT License#Copyright (c) 2020 John Page (aka hyp3rlinx)#Permission is...
iDS6 DSSPro Digital Signage System 6.2 Cross Site Request Forgery
Authored by LiquidWorm | Site zeroscience.mk
iDS6 DSSPro Digital Signage System version 6.2 allows users to perform certain actions via HTTP requests without performing any validity checks to verify the...
iDS6 DSSPro Digital Signage System 6.2 CAPTCHA Security Bypass
Authored by LiquidWorm | Site zeroscience.mk
The CAPTCHA function for iDS6 DSSPro Digital Signage System version 6.2 is prone to a security bypass vulnerability that occurs in the CAPTCHA authentication...
iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation
Authored by LiquidWorm | Site zeroscience.mk
iDS6 DSSPro Digital Signage System version 6.2 suffers from a privilege escalation vulnerability. An authenticated user can elevate his/her privileges by calling JS functions...
SmartBlog 2.0.1 Blind SQL Injection
Authored by C0wnuts
SmartBlog version 2.0.1 suffers from a remote blind SQL injection vulnerability.
Change Mirror Download
# Exploit Title: SmartBlog 2.0.1 - 'id_post' Blind SQL injection# Date: 2020-11-05# Exploit Author: C0wnuts#...
BlogEngine 3.3.8 Cross Site Scripting
Authored by Andrey Stoykov
BlogEngine version 3.3.8 suffers from a persistent cross site scripting vulnerability.
Change Mirror Download
# Exploit Title: BlogEngine 3.3.8 - 'Content' Stored XSS# Date: 11/2020# Exploit Author: Andrey...
git-lfs Remote Code Execution
Authored by Dawid Golunski
Proof of concept git-lfs remote code execution exploit written in Go. Affects Git, GitHub CLI, GitHub Desktop, Visual Studio, GitKraken, SmartGit, SourceTree, and more.
advisories | CVE-2020-27955
Change...